Reviewed: https://review.opendev.org/744104
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ed22f7a2ff19a874bc8521f84cb4fd1c7483a23f
Submitter: Zuul
Branch: stable/ussuri

commit ed22f7a2ff19a874bc8521f84cb4fd1c7483a23f
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Jun 2 17:09:07 2020 +0000

[OVS][FW] Remote SG IDs left behind when a SG is removed

When any port in the OVS agent is using a security group (SG) and
this SG is removed, it is marked to be deleted. This deletion process
is done in [1].

The SG deletion process consists of removing any reference of this SG
from the firewall and the SG port map. The firewall removes this SG in
[2].

The information of a SG is stored in:
* ConjIPFlowManager.conj_id_map = ConjIdMap(). This class stores the
  conjunction IDs (conj_ids) in a dictionary using the following keys:
* ConjIPFlowManager.conj_ids is a nested dictionary, built in the
  following way:

This patch stores all conjunction IDs generated and assigned to the
tuple (sg_id, remote_sg_id, direction, ethertype). When a SG is
removed, the deletion method will look for this SG in the new storage
variable created, ConjIdMap.id_map_group, and will mark all the
conjunction IDs related to be removed. That will clean up those rules
left in the OVS matching:
action=conjunction(conj_id, 1/2)

[1] https://github.com/openstack/neutron/blob/118930f03d31f157f8c7a9e6c57122ecea8982b9/neutron/agent/linux/openvswitch_firewall/firewall.py#L731
[2] https://github.com/openstack/neutron/blob/118930f03d31f157f8c7a9e6c57122ecea8982b9/neutron/agent/linux/openvswitch_firewall/firewall.py#L399

Change-Id: I63e446a30cf10e7bcd34a6f0d6ba1711301efcbe
Related-Bug: #1881157
(cherry picked from commit 0eebd002ccda66dc6d9f9e5a254815109225e299)
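
An added illustration, not Neutron's code and not part of the commit: a toy Python model of the grouping the commit message describes, followed by a check that lists flow lines whose `conjunction()` action still names a conj_id that should have been cleaned up. The class name `ConjIdIndex`, the ID allocation, matching the SG in either tuple position, and the sample flow lines are assumptions made for the example.

```python
import re
from collections import defaultdict

class ConjIdIndex:
    """Toy stand-in for the storage the commit describes (not Neutron's ConjIdMap)."""

    def __init__(self):
        self._next = 8  # constructed starting value
        # (sg_id, remote_sg_id, direction, ethertype) -> every conj_id handed out for it
        self.id_map_group = defaultdict(set)

    def allocate(self, sg_id, remote_sg_id, direction, ethertype):
        conj_id, self._next = self._next, self._next + 8
        self.id_map_group[(sg_id, remote_sg_id, direction, ethertype)].add(conj_id)
        return conj_id

    def delete_sg(self, sg_id):
        """Drop every tuple naming sg_id and return the conj_ids to clean up.

        Assumption: the SG is matched as either sg_id or remote_sg_id.
        """
        stale = set()
        for key in [k for k in self.id_map_group if sg_id in k[:2]]:
            stale |= self.id_map_group.pop(key)
        return stale

CONJ_ACTION = re.compile(r"conjunction\((\d+),\s*\d+/\d+\)")

def leftover_flows(flow_lines, stale_ids):
    """Return flow lines whose conjunction() action still names a stale conj_id."""
    return [line for line in flow_lines
            if any(int(i) in stale_ids for i in CONJ_ACTION.findall(line))]

# Constructed, simplified flow lines; not captured from a real bridge.
SAMPLE_FLOWS = [
    "table=82,priority=70,ip,nw_src=192.0.2.5 actions=conjunction(8,1/2)",
    "table=72,priority=70,ip,nw_dst=192.0.2.9 actions=conjunction(16,1/2)",
    "table=82,priority=70,ipv6,ipv6_src=2001:db8::7 actions=conjunction(24,1/2)",
    "table=82,priority=70,ip,reg5=0x3 actions=conjunction(80,2/2)",
]

if __name__ == "__main__":
    idx = ConjIdIndex()
    idx.allocate("sg-a", "sg-b", "ingress", "IPv4")   # sg-a owns the rule
    idx.allocate("sg-c", "sg-a", "egress", "IPv4")    # sg-a is the remote SG
    idx.allocate("sg-c", "sg-d", "ingress", "IPv6")   # unrelated to sg-a
    stale = idx.delete_sg("sg-a")
    for line in leftover_flows(SAMPLE_FLOWS, stale):
        print("stale:", line)
```

The conj_id is compared as an integer, so a stale ID of 8 does not flag the flow that uses conj_id 80.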